A re-authentication procedure between the modems of a public switched telephone network (PSTN) data connection, which is between a computer facility and a user, provides a secure method for protecting the computer facility against an active wire tap, or spoofing, by an intruder. In particular, the user's modem and the computer's modem perform a re-authentication procedure throughout the duration of the data connection. This re-authentication procedure is transparently performed on a side channel of the data connection. This side channel can either be an in-band channel or an out-of-band channel. The re-authentication procedure comprises an exchange of encrypted information between the two modems. If one of the modems detects the presence of an active wire tap, that modem simply interrupts the data connection.
Background of the Invention

The present invention relates to modems and to computer systems. In particular, this invention relates to the use of modems to provide secure access to a computer system.

The use of computers in today's world is continually on the increase; from main-frames to personal computers, more and more people are using computer systems. In fact, it is the accessibility of a computer itself, via a modem and the public switched telephone network (PSTN), that allows almost anyone to benefit from the use of a computer. Unfortunately, this accessibility also seems to attract "intruders," i.e., illegitimate users of a computer system. As a result, the security of a computer system, or even a network of computers, as to both the integrity and distribution of the information stored on a computer, is an item of continuing concern to the legitimate users, owners, and operators of computers.

In response to this need of providing some type of access security to a computer system, various methods are used for authenticating the identity of a user requesting access. One example is the well-known use of a "password." A variation of this, in the case of modem access, is a "password/callback" technique in which the called computer calls back the user at a predetermined telephone number after the password has been successfully entered by the user. Another example is a challenge/response scheme where the computer, or "grantor," sends a random number - the challenge - to the user, or "requestor," and the requestor proves his identity by encrypting the random number using a secret key shared by the grantor and the requestor. In fact, there are industry standards, like ANSI X9.26-1990, "Sign-on Authentication for Wholesale Financial Systems," which provide a strong node-to-node authentication procedure using a "challenge/response" protocol and the Data Encryption Standard (DES) algorithm.

However, password and password/callback techniques offer little protection against someone subsequently taking control of the data connection and thereby "spoofing" the computer system. In addition, the challenge/response method of ANSI X9.26-1990 only provides a method for authenticating a user's identity during the initial sign-on, or login, procedure. In other words, the above-mentioned techniques do not protect against an intruder who uses an "active wire tap" that disconnects the user after the initial sign-on procedure and allows the intruder to take control of the data connection to access the computer.

As a result, if access security to a computer system is of prime concern, as opposed to privacy of the data connection itself, other techniques are required to ensure that a data connection is not vulnerable to an active wire tap. For example, complete encryption of the data stream using DES encryption is one possible means of preventing an intruder from subsequently gaining access. Another alternative is illustrated by U.S. Patent No. 4,802,217, issued to Michener on January 31, 1989, in which a computer controls a security device that is connected between a user's terminal and the user's modem. In particular, the user dials the computer system, which receives an encrypted first codeword from the security device. The computer then instructs the security device to change the first encrypted codeword to a second encrypted codeword, disconnects the line, and calls back the user. Upon completion of the callback by the computer, the security device then sends the second encrypted codeword to the computer to establish the data connection. Thereafter, the computer periodically instructs the security device to change to another encrypted codeword, upon which the security device sends the new encrypted codeword to the computer, which then checks the received encrypted codeword and thereby verifies the continuing integrity of the data connection to the original user.

Consequently, unless there is a constant re-affirmation of identity, either by full data encryption or, as suggested by the Michener patent, by periodic re-authentication, an intruder can bridge the line and take over the data connection, thereby gaining unauthorized access to resources and information or injecting information to his advantage. However, this prior art, while providing a level of protection against an active wire tap, is not the complete answer to the problem. For example, full data encryption affects both the cost and complexity of the communications system typically involving the computer and the user's terminal. Similarly, the Michener patent requires modification of the computer's software and a separate security device between the user's terminal and the user's modem.

Summary of the Invention

The present invention provides the users, owners, and operators of computers with flexibility in providing access security against an active wire tap of a PSTN data connection to a computer. In particular, we have realized that the one component typically common in a PSTN data connection is the equipment that mediates between the terminal equipment and the transmission medium, i.e., the modem itself. Therefore, and in accordance with the principles of this invention, access security is provided to a PSTN data connection by a continuous re-authentication procedure between the modems. This continuous re-authentication procedure occurs in a non-interfering manner by using a side channel of the data connection to periodically or aperiodically send authentication information during the duration of the data connection. The side channel can be in-band, where the re-authentication information is time-division multiplexed in between any data transmissions, or the side channel can be out-of-band, where a narrow portion of the available bandwidth is used to exchange the re-authentication information using frequency division multiplexing (FDM) techniques. As a result, access security is transparently provided to the PSTN data connection and neither additional security devices, nor modification of the user's equipment or the computer system, is required.

In one embodiment of the invention, both the answering modem and the originating modem support the DES algorithm and the answering modem re-authenticates the originating modem. In order to re-authenticate the originating modem, the answering modem occasionally initiates a challenge/response sequence throughout the duration of the data connection. In particular, the answering modem comprises a list of data encryption keys where each data encryption key corresponds to an identifier that is associated with a particular modem. Upon answering a telephone call, the answering modem requests the originating modem to identify itself, by sending its identifier, so that the answering modem can select the associated data encryption key. Thereafter, the answering modem occasionally generates a random number that is sent as a challenge to the originating modem, which, upon receiving the challenge, returns a response to the answering modem. This response is an encrypted form of the random number, where the originating modem's encryption process uses a data encryption key that is identical to the data encryption key used by the answering modem. The latter decrypts the response and compares it to the challenge. If the decrypted response and the challenge match, the originating modem's identity has been verified. On the other hand, if the decrypted response and the challenge do not match, indicating that a possible spoofing attempt has been detected, the answering modem merely drops the data connection.

Brief Description of the Drawing

FIG. 1 is a block diagram of a point-to-point data communications system;
FIG. 2 is a block diagram of a modem embodying the principles of the invention that is used in the data communications system of FIG. 1;
FIG. 3 is a flow diagram of a method used in the modem of FIG. 2;
FIG. 4 is a flow diagram showing the re-authentication procedure embodying the principles of the invention;
FIG. 5 is a flow diagram of another method used in the modem of FIG. 2;
FIG. 6 is a diagram showing an out-of-band side channel for use in the modem of FIG. 2; and
FIG. 7 is a diagram showing an in-band side channel for use in the modem of FIG. 2.
Detailed Description

A point-to-point data communications system is shown in FIG. 1. In the following example, it is assumed a calling party (the user) at terminal 110 originates a telephone call in order to access the called party (computer 150) through originating modem 120, telephone network 130, and answering modem 200. Lines 201 and 121 are representative of typical "tip/ring," or local loop, access provided by telephone network 130. Both modems 120 and 200 embody the principles of the invention; however, for simplicity only modem 200 is shown in detail in FIG. 2. Except for the inventive concept discussed below, modem 200 is representative, as is known in the art, of data communications equipment, which interfaces data terminal equipment, e.g., computer 150, to a data circuit - here the PSTN. The PSTN is represented by lines 201 and 121, and telephone network 130. In particular, in the context of this invention, the term data communications equipment means an apparatus that provides 1) the functions required to establish a data connection and 2) provides for the signal conversion and coding between the data terminal equipment and the data circuit. Modem 200 comprises memory 220, CPU 210, digital signal processor (DSP) 250, data encryption processor 230, data communications interface 260, and data terminal interface 240. CPU 210 is a microprocessor central processing unit which operates on, or executes, program data stored in memory 220, via path 211. Memory 220 is representative of random access memory, and comprises a number of representative storage locations, of which a subset is shown in FIG. 2. It is assumed that memory 220 includes key list 221. Data encryption processor 230 supports the DES encryption standard and operates on data supplied by CPU 210 via lead 213. Illustratively, data encryption processor 230 functions in accordance with the "electronic code-book encryption" process specified by the DES Standard, e.g., "Federal Information Processing Standard 46." It should be noted that for clarity data encryption processor 230 is shown separate from CPU 210 and memory 220. However, as will become clear from the following description, an alternative, and less costly, implementation is one where the data encryption algorithm executed by data encryption processor 230 is simply directly performed by CPU 210, which would execute a data encryption program stored in memory 220. Finally, for simplicity, it is assumed that DSP 250 includes other well-known processing functions and circuitry, like filters, analog-to-digital converters and digital-to-analog converters for processing an incoming or outgoing signal.

As a result of the originating telephone call from modem 120, modem 200 receives an incoming signal on lead 201 from telephone network 130. This incoming signal is applied by data communications interface 260 to DSP 250. The latter, under the control of CPU 210, performs a CCITT V.32 call establishment sequence that includes modem handshaking and training to establish the data connection with modem 120. After the establishment of the data connection, DSP 250 performs the signal conversion and coding for the resultant data streams between computer 150, via data terminal interface 240, and terminal 110, via data communications interface 260, etc.

In accordance with the principles of this invention, answering modem 200 provides a user transparent (cryptographic) one-way node-to-node re-authentication of originating modem 120 via a challenge/response protocol, which is illustrated in the flow diagram of FIG. 3. In particular, after establishing the data connection with originating modem 120 in step 305, CPU 210 proceeds to step 310 and sends a request to modem 120 for its modem identification (ID) number, via DSP 250. The modem ID number is a predetermined number assigned to the originating modem (discussed below). If CPU 210 does not receive the originating modem's ID number in step 315, CPU 210 simply sends a message "access denied" and drops the data connection in step 350. However, if CPU 210 receives the originating modem's ID number, CPU 210 proceeds to step 320 and retrieves from key list 221 a corresponding data encryption key. Key list 221 is stored in memory 220 a priori, and represents a plurality of modem ID numbers, each of which represents a possible originating modem, where each modem ID number is associated with a data encryption key. This associated data encryption key, like the modem ID, is also determined a priori in the originating modem.

After retrieving the associated data encryption key for modem 120, CPU 210 randomly generates a number, which is known as a challenge, in step 325. This challenge is sent to modem 120 in step 330. Upon receiving the challenge from modem 200, modem 120 encrypts the challenge, via its data encryption processor (not shown), to generate a response, i.e., a form of "cipher text," which is sent back to modem 200. The encryption performed by modem 120 uses its stored data encryption key, mentioned above. Both the challenge and the response each comprise at least 20 bits of data so that there is a one in a million chance of discovery of the correct response. If CPU 210 does not receive a response from modem 120 in step 335, CPU 210 sends a message "access denied" and drops the data connection in step 350. However, if CPU 210 receives a response, CPU 210 proceeds to step 340 and decrypts the response using the associated data encryption key retrieved in step 320. The decryption of the received response is performed by CPU 210 via data encryption processor 230, which supports the DES encryption standard. CPU 210 then verifies the identity of modem 120. If the decrypted response and the challenge do not match in step 345, CPU 210 sends a message "access denied" and interrupts, e.g., drops, the data connection in step 350. (It should be noted at this point that other alternatives for answering modem 200 exist, e.g., instead of dropping the data connection, initiating a "trace" of the data connection.) However, if CPU 210 verifies the identity of modem 120, i.e., the decrypted response and the challenge match, CPU 210 does not disturb the data connection and proceeds to step 355, where it checks if this is the completion of the first re-authentication attempt. If this is the completion of the first re-authentication attempt, CPU 210 enables the transfer of data information between modem 200 and modem 120 in block 360. Once the data transfer is enabled, subsequent re-authentication attempts bypass step 360 and proceed directly to step 370, where CPU 210 sets an interrupt for a predetermined period of time T. After the period of time T passes, CPU 210 re-authenticates the data connection by repeating steps 325 through 345. This re-authentication process continues for the duration of the data connection.

The above-described authentication process is also shown in FIG. 4. Answering modem 200, the grantor, transmits a "send modem ID" message 605 to originating modem 120, the requestor, which responds by transmitting "ID" 610. After this, answering modem 200 transmits "challenge" 615 to originating modem 120, which transmits "response" 620. If the decryption of response 620, as described above, matches challenge 615, answering modem 200 may send "OK" message 625. However, if the decryption of response 620 does not match challenge 615, modem 200 sends an "access denied" message 630.

An alternative method to the one described above and shown in FIG. 3 is shown in FIG. 5. The only difference is in steps 540 and 545. In step 540, modem 200 encrypts the challenge that was transmitted to modem 120 in step 330. The challenge is encrypted using the data encryption key associated with modem 120 and retrieved in step 320. A verification of the identity of modem 120 is performed by comparing the encrypted challenge and the response from modem 120 in step 545. As described above, if the challenge as encrypted by modem 120, i.e., its response, matches the challenge as encrypted by modem 200, then the data connection is not disturbed and CPU 210 proceeds to step 355. However, if a match does not occur, the data connection is interrupted in step 350.
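The repeated challenge/response of FIG. 3 and the FIG. 5 variant (encrypt the challenge and compare, instead of decrypting the response), as an added Python simulation that is not the patent's own code. DES is not in Python's standard library, so a small four-round Feistel block cipher built on HMAC-SHA256 stands in for the DES electronic-codebook block operation; that cipher, the class and function names, and the key list value are assumptions of this example.

```python
import hashlib
import hmac
import secrets

BLOCK = 8    # 64-bit block, the DES block size
ROUNDS = 4

def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Keyed round function over (round index, right half), truncated to a half block
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in (assumption) for DES electronic-codebook encryption of one 8-byte block."""
    assert len(block) == BLOCK
    left, right = block[:4], block[4:]
    for i in range(ROUNDS):
        left, right = right, _xor(left, _round(key, i, right))
    return right + left          # final half swap, as in a Feistel cipher

def decrypt_block(key: bytes, block: bytes) -> bytes:
    """Inverse of encrypt_block: the same rounds applied in reverse order."""
    assert len(block) == BLOCK
    right, left = block[:4], block[4:]   # undo the final swap
    for i in reversed(range(ROUNDS)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right

class OriginatingModem:
    """The requestor (modem 120): knows only its own ID and pre-shared key."""
    def __init__(self, modem_id: str, key: bytes):
        self.modem_id = modem_id
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        # The response is the challenge encrypted under the shared key (FIG. 4, 620)
        return encrypt_block(self._key, challenge)

class AnsweringModem:
    """The grantor (modem 200): holds key list 221 and drives re-authentication.
    mode="decrypt" verifies as in FIG. 3 (steps 340/345), "encrypt" as in FIG. 5."""
    def __init__(self, key_list: dict, mode: str = "decrypt"):
        self.key_list = key_list         # modem ID -> data encryption key
        self.mode = mode
        self.key = None
        self.challenge = None
        self.connected = True
        self.data_enabled = False

    def receive_id(self, modem_id: str) -> bool:
        """Steps 310-320: select the key for the announced ID, or drop the call."""
        if modem_id not in self.key_list:
            return self._drop()
        self.key = self.key_list[modem_id]
        return True

    def send_challenge(self) -> bytes:
        """Steps 325/330: a fresh random challenge for every attempt (the patent
        asks for at least 20 bits; a full 64-bit block is used here)."""
        self.challenge = secrets.token_bytes(BLOCK)
        return self.challenge

    def verify(self, response) -> bool:
        """Steps 335-360: verify, enable data after the first success, and drop
        the connection on a missing, malformed or mismatching response."""
        if response is None or len(response) != BLOCK or self.challenge is None:
            return self._drop()
        if self.mode == "decrypt":
            ok = hmac.compare_digest(decrypt_block(self.key, response), self.challenge)
        else:
            ok = hmac.compare_digest(encrypt_block(self.key, self.challenge), response)
        self.challenge = None            # a challenge is never reused
        if not ok:
            return self._drop()
        self.data_enabled = True
        return True

    def _drop(self) -> bool:
        self.connected = False           # step 350: "access denied", line dropped
        self.data_enabled = False
        return False

def run_session(answerer: AnsweringModem, requestor, rounds: int = 3) -> bool:
    """Steps 310 through 370 repeated `rounds` times (the timer T is elided).
    A requestor without the right key, e.g. a party that bridged the line after
    sign-on and can only echo the challenge, is dropped at the next attempt."""
    if not answerer.receive_id(requestor.modem_id):
        return False
    for _ in range(rounds):
        if not answerer.verify(requestor.respond(answerer.send_challenge())):
            return False
    return answerer.connected and answerer.data_enabled

# Constructed sample key list 221 (not a real key).
KEY_LIST = {"MODEM-120": bytes.fromhex("00112233445566778899aabbccddeeff")}
```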

The above-described re-authentication process of FIGs. 3 and 5 takes place on a side channel of the data connection. In other words, a portion of the bandwidth of the data connection is used to transport the re-authentication information. As a result, the data connection comprises a primary channel - for transporting the data - and a side channel - for transporting ancillary information. This side channel essentially multiplexes the re-authentication information with the transport of data. Specifically, for a side channel, either an in-band channel or an out-of-band channel is used.

An example of an out-of-band side channel is one that does frequency-division-multiplexing (FDM) of the data and the re-authentication information. This form of out-of-band channel is also known as a "secondary channel," which is typically a narrow part of the frequency spectrum that is dedicated to a low bit rate channel. An illustrative frequency spectrum is shown in FIG. 6, where it is assumed that the data connection comprises primary channel 410, with a bandwidth which transmits the data information, and ancillary, or narrow-band, channel 405, with a bandwidth which transmits the re-authentication information.

An example of an in-band side channel is one that performs time-division-multiplexing of the data and the re-authentication information. This is shown in FIG. 7, where it is assumed that the actual structure for transmitting data between modem 200 and modem 120 utilizes an underlying modem protocol, like a modified version of CCITT V.42. The latter is an HDLC-like protocol that comprises "data frames" for the transmission of data and "control frames" for the transmission of control, or ancillary, information. As shown in FIG. 7, data frames, like data frame 510, are time-division-multiplexed with control frames, like control frame 505. The re-authentication information is simply transmitted between modems 200 and 120 using known techniques within control frame 505.

As described above, both the originating modem and the answering modem share the same data encryption key during the re-authentication process. This is known as "symmetric" data encryption. Consequently, both modems must store the same data encryption key information. In addition, at least the originating modem must store its modem ID. Finally, one, or both, of these modems maintains the above-described key list, which associates a list of possible originating modem IDs with respective data encryption keys that are identical to the data encryption key stored in the identified modem. All of this information is initialized a priori using well-known techniques for administration of modem parameters. For example, this information can be entered via a terminal connected to the modem, or can be remotely initialized by the use of "downloading" techniques.

Although the above-described repetitive re-authentication protocol illustrates a challenge/response protocol, other re-authentication protocols are possible. For example, although less secure than the above-described approach, modems 120 and 200 can use a simple password technique in which each modem comprises an identical list of passwords, where each password is associated with a number. In this context, the challenge sent by modem 200 is simply one of the numbers that is associated with a password. The response by modem 120 is simply the password assigned to that number (challenge). Modem 200 then compares the received password (response) with the correct password as indicated on its list of passwords in order to determine the authentication of modem 120.

Another example, which is as secure as the above-described symmetric data encryption challenge/response protocol, is the use of a "public key" technique, which is an "asymmetric" form of data encryption like the currently proposed "Digital Signature Standard" developed by the U.S. National Institute of Standards and Technology (NIST). The public key technique is asymmetric because different keys are used for encryption and decryption. Furthermore, one key is kept secret; the other key can be made public knowledge. In particular, modem 200 sends a challenge, as described above, to modem 120. However, modem 120 returns the challenge with a "digital signature" and a "certificate" attached. The digital signature is a digital bit pattern that is a function of the challenge and modem 120's secret data encryption key, which is not known to modem 200. The certificate, as is known in the art, includes identification information from modem 120 and the public key. In this approach, modem 200 does not have to keep a list of modem identifiers and associated data encryption keys since the "requestor" will always supply the public key.

The foregoing merely illustrates the principles of the invention and it will thus be appreciated that those skilled in the art will be able to devise numerous alternative arrangements which, although not explicitly described herein, embody the principles of the invention and are within its spirit and scope.

For example, although the continuous re-authentication process described above was illustrated in the context of a modem-to-modem data connection, other forms of data communications equipment, like terminal adaptors, can perform this continuous re-authentication.

In addition, although the re-authentication is continuous, the time delay, T, between re-authentication attempts does not have to be periodic, but can be "aperiodic," i.e., variable, throughout the duration of the data connection. Further, other forms of side channels are possible, like modulation of the primary signal point constellation. Also, although, as described above, the originating modem's ID was received after the handshaking process, the receipt of modem identification information can occur during the handshaking process.

Also, although the above example illustrated a one-way challenge/response authentication using encryption, any type of authentication protocol, like a two-way, node-to-node, re-authentication protocol, can be used to authenticate the identity of the communicating entity. For example, to provide a two-way re-authentication protocol, the originating modem performs similar steps to the answering modem as described above and shown in FIG. 3. Specifically, the originating modem also requests the answering modem to identify itself, upon which the originating modem issues a challenge that must be correctly encrypted by the answering modem. If the decrypted response of the answering modem does not match the originating modem's challenge, the originating modem interrupts the data connection.



Claims

1. Data communications equipment apparatus for re-authenticating a user of a data connection, the data communications equipment apparatus comprising:

means for sending a plurality of challenges to and for receiving a plurality of responses from a second data communication equipment apparatus of the user, where each one of the plurality of responses corresponds to a respective one of the plurality of challenges; and

means for verifying each one of the plurality of responses as a function of each one of the respective plurality of challenges to provide an output representative of the verification of each one of the plurality of responses, whereby if the output represents that one of the plurality of responses is not verified the data connection is interrupted.

2. The apparatus of claim 1 wherein the means for verifying is also a function of an identifier of the second data communications equipment apparatus.

3. The apparatus of claim 2 wherein the means for sending and receiving sends a request for identification to the second data communications equipment apparatus and receives the identifier from the second data communications equipment apparatus.

4. The apparatus of claim 3 wherein the means for verifying provides a plurality of decrypted responses, each one of which is a function of a data encryption key that is selected as a function of the identifier of the second communications equipment apparatus and wherein the means for verifying compares each one of the plurality of decrypted responses with each respective one of the plurality of challenges to provide the output representative of verification, whereby if there is a mismatch between a respective one of the plurality of challenges and the one of the plurality of decrypted responses the data connection is interrupted.

5. The apparatus of claim 3 wherein the means for verifying encrypts each one of the plurality of challenges, where the encryption is a function of a data encryption key that is selected as a function of the identifier of the second communications equipment apparatus and wherein the means for verifying compares each one of the plurality of responses with each respective one of the plurality of encrypted challenges to provide the output representative of verification, whereby if there is a mismatch between a respective one of the plurality of encrypted challenges and the one of the plurality of responses the data connection is interrupted.

6. The apparatus of claim 1 wherein the means for verifying is a function of a symmetric data encryption algorithm.

7. The apparatus of claim 1 wherein the means for verifying is a function of an asymmetric data encryption algorithm.

8. The apparatus of claim 1 wherein each one of the respective challenges is a random number and the data communications equipment apparatus is a modem.

9. A method for re-authenticating a user of a data connection for use in a first data communications equipment apparatus, the data connection comprising the first data communications equipment apparatus and a second data communication equipment apparatus of the user, the method comprising the steps of:

a) sending a plurality of challenges to and for receiving a plurality of responses from the second data communication equipment apparatus, where each one of the plurality of responses corresponds to a respective one of the plurality of challenges; and

b) verifying each one of the plurality of responses as a function of each one of the respective plurality of challenges to provide an output representative of the verification of each one of the plurality of responses, whereby if the output represents that one of the plurality of responses is not verified the data connection is interrupted.

10. The method of claim 9 wherein the verifying step b) is also a function of an identifier of the second data communications equipment apparatus.
11. The method of claim 10 wherein the sending and receiving step a) sends a request for identification to the second data communications equipment apparatus and receives the identifier from the second data communications equipment apparatus.

12. The method of claim 11 wherein the verifying step b) includes:

providing a plurality of decrypted responses, each one of which is a function of a data encryption key that is selected as a function of the identifier of the second communications equipment apparatus; and

comparing each one of the plurality of decrypted responses with each respective one of the plurality of challenges to provide the output representative of verification, whereby if there is a mismatch between a respective one of the plurality of challenges and the one of the plurality of decrypted responses the data connection is interrupted.

13. The method of claim 11 wherein the verifying step b) includes:

encrypting each one of the plurality of challenges, where the encryption is a function of a data encryption key that is selected as a function of the identifier of the second communications equipment apparatus; and

comparing each one of the plurality of responses with each respective one of the plurality of encrypted challenges to provide the output representative of verification, whereby if there is a mismatch between a respective one of the plurality of encrypted challenges and the one of the plurality of responses the data connection is interrupted.

14. The method of claim 9 wherein the verifying step b) is a function of a symmetric data encryption algorithm.

15. The method of claim 9 wherein the verifying step b) is a function of an asymmetric data encryption algorithm.

16. The method of claim 9 wherein each one of the respective challenges is a random number and the data communications equipment apparatus is a modem.

17. A method for re-authenticating a user of a data connection, the data connection comprising a first data communications equipment apparatus and a second data communications equipment apparatus, the method comprising the steps of:

a) storing in the first data communications equipment apparatus a key list comprising a plurality of identification numbers, each identification number associated with a data encryption key;

b) receiving in the first data communications equipment apparatus an identification number from the second data communications equipment apparatus;

c) retrieving from the key list the data encryption key associated with the identification number received from the second data communications equipment apparatus;

d) sending a challenge from the first data communications equipment apparatus to the second data communications equipment apparatus, the challenge comprising a number;

e) receiving in the first data communications equipment apparatus a response from the second data communications equipment apparatus, the response comprising a number; and

f) processing in the first data communications equipment apparatus the response from the second data communications equipment apparatus as a function of the retrieved data encryption key to provide an output representative of the verification of the response, and repeating steps d) through f) if the output is representative of the verification of the identity of the second data communications equipment apparatus, and interrupting the data connection if the identity of the second data communications equipment is not verified.

18. The method of claim 17 wherein the processing step f) includes:

processing the response from the second data communications equipment apparatus by decrypting the response as a function of the retrieved data encryption key to provide a decrypted response; and

comparing the decrypted response with the challenge of step d) and repeating steps d) through f) if the decrypted response is equal to the challenge of step d), and interrupting the data connection if the decrypted response is not equal to the challenge of step d).

19. The method of claim 17 wherein the processing step f) includes:

processing the response from the second data communications equipment apparatus by encrypting the challenge as a function of the retrieved data encryption key to provide an encrypted challenge; and

comparing the response with the encrypted challenge and repeating steps d) through f) if
the response is equal to the encrypted challenge 
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and interrupting the data connection if the re- 
sponse is not equal to the encrypted challenge. 
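The re-authentication loop of claims 17 to 19 as an added Python simulation (not code from the patent): the answering modem keeps a key list indexed by modem ID, issues random number challenges, and verifies either by decrypting the response (claim 18) or by encrypting the challenge (claim 19), dropping the connection on a mismatch or an unknown ID. The Feistel construction, the key list contents and the modem IDs are constructed assumptions standing in for the cipher and key material the claims leave open.

```python
import hashlib
import secrets

ROUNDS = 4  # rounds of the toy Feistel cipher below

def _f(key: bytes, i: int, half: int) -> int:
    """Keyed round function: first 32 bits of SHA-256(key, round, half)."""
    data = key + bytes([i]) + half.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def encrypt(key: bytes, n: int) -> int:
    """Toy 64-bit keyed permutation standing in for the claim 14 cipher (assumption)."""
    left, right = n >> 32, n & 0xFFFFFFFF
    for i in range(ROUNDS):
        left, right = right, left ^ _f(key, i, right)
    return (left << 32) | right

def decrypt(key: bytes, c: int) -> int:  # inverse: the same rounds backwards
    left, right = c >> 32, c & 0xFFFFFFFF
    for i in reversed(range(ROUNDS)):
        left, right = right ^ _f(key, i, left), left
    return (left << 32) | right

class CallingModem:  # second DCE apparatus: presents its ID, encrypts challenges
    def __init__(self, modem_id: int, key: bytes):
        self.modem_id, self.key = modem_id, key
    def respond(self, challenge: int) -> int:
        return encrypt(self.key, challenge)

def answering_modem_session(key_list: dict, caller: CallingModem,
                            checks: int = 3, verify: str = "decrypt") -> str:
    """First DCE apparatus, steps a)-f) of claim 17, run `checks` times (the patent
    repeats every time T); verify = "decrypt" (claim 18) or "encrypt" (claim 19)."""
    key = key_list.get(caller.modem_id)           # steps b), c): ID -> key
    if key is None:                               # unknown ID: no key to check
        return "ACCESS DENIED"
    for _ in range(checks):
        challenge = secrets.randbits(64)          # step d): random number
        response = caller.respond(challenge)      # step e)
        if verify == "decrypt":
            ok = decrypt(key, response) == challenge   # claim 18 / FIG. 3
        else:
            ok = encrypt(key, challenge) == response   # claim 19 / FIG. 5
        if not ok:                                # mismatch: drop the connection
            return "ACCESS DENIED"
    return "DATA TRANSFER ENABLED"

# Constructed sample key list (step a) and a spoofing modem; not values from the patent.
KEY_LIST = {120: b"key-for-modem-120", 121: b"key-for-modem-121"}
SPOOFER = CallingModem(120, b"guessed-wrong-key")  # knows the ID, not the key
```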






EP 0 588 519 A2 



FIG. 1 (block diagram of the data connection): computer 150, modem 200, telephone network 130, modem 120 and terminal 110, with interconnecting links 151, 201, 121 and 111.

FIG. 2 (block diagram of modem 200): data communication interface (to the communications network, 201), digital signal processing (DSP), data terminal interface (to terminal equipment), and a memory holding the key list (modem ID, modem data encryption key) and blocks 305, 310 and 360; reference numerals 220, 221, 222, 223, 240, 250, 252 and 260 appear.



FIG. 3 (flow chart of the answering modem; reference numerals 305, 310, 325, 330, 350, 360, 370): answer call and establish the data connection; request calling modem ID; retrieve key based on calling modem's ID; generate a random number challenge; send the random number challenge to the calling modem; wait time T; decrypt the response using the retrieved key; if it matches, enable data transfer; if they do not match, send message "ACCESS DENIED" and drop the data connection.






FIG. 4 










FIG. 5 (flow chart of the answering modem, encrypting variant; reference numerals 305, 310, 325, 330, 350, 360, 370): answer call and establish the data connection; request calling modem ID; retrieve key based on calling modem's ID; generate a random number challenge; send the random number challenge to the calling modem; wait time T; encrypt the challenge using the retrieved key; if it matches, enable data transfer; if they do not match, send message "ACCESS DENIED" and drop the data connection.







FIG. 7 (frame sequence on the data connection): data frame (510), control frame (505), data frame.












Europäisches Patentamt
European Patent Office
Office européen des brevets

Publication number: 0 588 519 A3

EUROPEAN PATENT APPLICATION

Application number: 93306791.0
Date of filing: 26.08.93

Int. Cl.5: G06F 1/00, G06F 12/14

Priority: 31.08.92 US 937009

Date of publication of application: 23.03.94 Bulletin 94/12

Designated Contracting States: DE FR GB IT

Date of deferred publication of search report: 25.05.94 Bulletin 94/21

Applicant: AMERICAN TELEPHONE AND TELEGRAPH COMPANY, 32 Avenue of the Americas, New York, NY 10013-2412 (US)

Inventor: Scott, Robert Earl, 640 Bayway Boulevard, Nr. 204, Clearwater, Florida 34630 (US)
Inventor: Smith, Richard Kent, 13471 Alpine Avenue, Seminole, Florida 34646 (US)

Representative: Buckley, Christopher Simon Thirsk et al, AT&T (UK) LTD., AT&T Intellectual Property Division, 5 Mornington Road, Woodford Green, Essex IG8 0TU (GB)

Continuous authentication using an in-band or out-of-band side channel.


